Troj/Urelas-AS removal tips

Troj/Urelas-AS is the Sophos detection name for a sample that the other engines listed below classify as the Urelas/Plite backdoor. While it is active you may notice unfamiliar processes in the Task Manager list and a scheduled task you did not create. In that case it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing malware manually can take hours and may damage your PC in the process. We recommend GridinSoft Anti-Malware for removal. It can run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can Troj/Urelas-AS do?

The behaviours below are the signatures the CAPE sandbox raised when the sample was detonated (the storage path in the file info further down is CAPEv2's binaries store):

  • Sample contains overlay data (bytes appended after the last PE section)
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities to create a scheduled task
  • Deletes executed files from disk
  • Anomalous binary characteristics
  • YARA rule detections observed from a process memory dump, dropped files or CAPE output
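The three dynamic behaviours in the list (drop-and-execute, scheduled-task creation through a Windows utility, deletion of an executed file) are what a detection engineer would want to correlate on a real host rather than only in a sandbox. The script below is an added example, not code from this page or from the CAPE sandbox: it walks constructed Sysmon-style events (ProcessCreate ID 1, FileCreate ID 11, FileDelete ID 23; the field names follow Sysmon's) and reports each behaviour with the responsible process id. Keying the scheduled-task check on schtasks.exe /create, and the drop check on a fixed set of user-writable directories, are assumptions made here, not details the report states.

```python
import re

# Directories a low-privilege process can write to; the "drops a binary"
# check keys on .exe files created here (assumption made for this example).
USER_WRITABLE = re.compile(
    r"^[a-z]:\\(users\\[^\\]+\\appdata|programdata|windows\\temp)\\", re.I)

# Constructed Sysmon-style events; not captured from the real sample.
EVENTS = [
    {"EventID": 1, "ProcessId": 1000, "ParentProcessId": 900,
     "Image": r"C:\Users\user\Downloads\invoice.exe", "CommandLine": "invoice.exe"},
    {"EventID": 11, "ProcessId": 1000, "Image": r"C:\Users\user\Downloads\invoice.exe",
     "TargetFilename": r"C:\Users\user\AppData\Local\Temp\svhost.exe"},
    {"EventID": 1, "ProcessId": 1100, "ParentProcessId": 1000,
     "Image": r"C:\Users\user\AppData\Local\Temp\svhost.exe", "CommandLine": "svhost.exe"},
    {"EventID": 1, "ProcessId": 1200, "ParentProcessId": 1100,
     "Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": r'schtasks /create /sc minute /mo 5 /tn Update /tr "C:\Users\user\AppData\Local\Temp\svhost.exe"'},
    {"EventID": 23, "ProcessId": 1100, "Image": r"C:\Users\user\AppData\Local\Temp\svhost.exe",
     "TargetFilename": r"C:\Users\user\Downloads\invoice.exe"},
    {"EventID": 1, "ProcessId": 1300, "ParentProcessId": 900,
     "Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe"},
    {"EventID": 11, "ProcessId": 1300, "Image": r"C:\Windows\System32\notepad.exe",
     "TargetFilename": r"C:\Users\user\AppData\Local\Temp\notes.txt"},
]


def detect(events):
    """Walk the events once; return (behaviour, pid) for each match, in order."""
    findings = []
    dropped = set()   # lower-cased paths of .exe files written to user-writable dirs
    image_of = {}     # pid -> lower-cased image path of every process seen starting
    for ev in events:
        eid, pid = ev["EventID"], ev["ProcessId"]
        if eid == 11:                                      # FileCreate
            target = ev["TargetFilename"].lower()
            if target.endswith(".exe") and USER_WRITABLE.match(target):
                dropped.add(target)
        elif eid == 1:                                     # ProcessCreate
            image = ev["Image"].lower()
            image_of[pid] = image
            if image in dropped:
                findings.append(("drops a binary and executes it", pid))
            if image.endswith("\\schtasks.exe") and re.search(r"(?:^|\s)/create\b", ev["CommandLine"], re.I):
                parent_image = image_of.get(ev["ParentProcessId"], "")
                # Only a task registered by a dropped / user-writable binary is suspicious;
                # schtasks run by an installer under Program Files would not fire here.
                if parent_image in dropped or USER_WRITABLE.match(parent_image):
                    findings.append(("uses Windows utilities to create a scheduled task", pid))
        elif eid == 23:                                    # FileDelete
            if ev["TargetFilename"].lower() in image_of.values():
                findings.append(("deletes executed files from disk", pid))
    return findings


if __name__ == "__main__":
    for behaviour, pid in detect(EVENTS):
        print(f"{behaviour:55} pid={pid}")
```

On a live host the same logic runs over Sysmon's Operational log; the important design choice is that the scheduled-task rule is conditioned on the parent process, otherwise every legitimate installer that registers an update task would trip it.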

How to identify Troj/Urelas-AS?

Compare a suspect file against the indicators below. The cryptographic digests (md5, sha1, sha256, sha512, sha3_384) identify this exact file; ssdeep and tlsh are similarity digests that can also match repacked or recompiled variants; the timestamp is the PE compile timestamp, which is written by the linker and can be edited by the author.
File Info:

name: EC007C5278D726C5FBD6.mlw
path: /opt/CAPEv2/storage/binaries/fd52e630d8a99f4f75a27b2a735e1477309cbf95c89c2235cb57f7494c22c76d
crc32: 55F5DF45
md5: ec007c5278d726c5fbd64a7eacc45251
sha1: 945b32357317758ad274155f2030b337547cefcf
sha256: fd52e630d8a99f4f75a27b2a735e1477309cbf95c89c2235cb57f7494c22c76d
sha512: 797f20942e927c8a46e3b30cc2b83ac5c3410fe54054c5baec22cee3f65d0ff6807c50106309006a1b80d30b40058582c5f70b8de2e5937166c589f101c1f8f4
ssdeep: 1536:eADO0Wbt1931D2P7BWLQ4zR4LUKMcPHFE3HP/GTW65CGEEHpWYPyW:eADO0Wc7UJ6LZMaHLW65DE8pWMn
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17EF3C31176008461F3590B315916FAE04969AD3D1AE8F98FF7787E3A6D322C39A7324F
sha3_384: 74a229a5497c176d4f4187db741863a4531b3a79a154a4a5bcc3e2fde39d7085ded3a0f157ba69f5b60856cb8bbc724f
ep_bytes: e819520000e979feffff8bff558bec8b
timestamp: 2014-06-17 13:41:09
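Most of the static signatures in the behaviour list (overlay data, unknown section name, presence of an Authenticode directory) and the header-derived File Info fields (ep_bytes, timestamp) come straight out of the PE headers, and the digests are how an analyst decides whether a file on disk is this sample. The script below is an added example, not code from this page, from CAPE or from GridinSoft. It uses only the Python standard library, handles PE32 images only, and runs against a minimal PE constructed inline, which is not the real sample. The STANDARD_SECTIONS set is an assumption about what counts as a known section name, and the Authenticode check only reports whether a signature directory exists: validating the signature means parsing the PKCS#7 blob and re-hashing the image, which is out of scope here. ssdeep and tlsh are omitted because they need third-party modules.

```python
import hashlib
import struct
import zlib
from datetime import datetime, timezone

# Section names mainstream linkers emit; anything else counts as "unknown"
# for the packer heuristic (assumption made for this example).
STANDARD_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                     ".edata", ".tls", ".bss", ".pdata", ".CRT", ".textbss"}

# Digests copied from the File Info block on this page (the real sample's values).
IOC = {"crc32": "55F5DF45", "md5": "ec007c5278d726c5fbd64a7eacc45251",
       "sha1": "945b32357317758ad274155f2030b337547cefcf",
       "sha256": "fd52e630d8a99f4f75a27b2a735e1477309cbf95c89c2235cb57f7494c22c76d"}


def parse_pe(data: bytes) -> dict:
    """Read the PE32 headers and return the facts the behaviour list refers to."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 images are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    # Data directory 4 (SECURITY) = file offset/size of the Authenticode blob;
    # the directories start at optional-header offset 96 in a PE32 image.
    sec_off, sec_size = struct.unpack_from("<II", data, opt + 96 + 4 * 8)
    sections, end_of_raw, ep_bytes = [], 0, b""
    for i in range(nsections):
        hdr = opt + opt_size + 40 * i
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("latin-1")
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, hdr + 8)
        sections.append(name)
        end_of_raw = max(end_of_raw, rawptr + rawsize)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):  # map entry RVA -> file offset
            ep_bytes = data[rawptr + (entry_rva - vaddr):][:16]
    return {
        "machine": hex(machine),
        "timestamp": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "sections": sections,
        "unknown_sections": [s for s in sections if s not in STANDARD_SECTIONS],
        # Overlay = bytes after the last section's raw data. A genuine Authenticode
        # signature also lives there, so an overlay on its own is not proof of packing.
        "overlay_size": max(0, len(data) - end_of_raw),
        "has_authenticode": sec_off != 0 and sec_size != 0,  # presence only, not validity
        "ep_bytes": ep_bytes.hex(),
    }


def hashes(data: bytes) -> dict:
    """The digests a sandbox report lists (ssdeep/tlsh need third-party modules)."""
    return {"crc32": "%08X" % (zlib.crc32(data) & 0xFFFFFFFF),
            "md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest(),
            "sha512": hashlib.sha512(data).hexdigest(),
            "sha3_384": hashlib.sha3_384(data).hexdigest()}


def matches_ioc(data: bytes, ioc: dict) -> list:
    """Names of the IOC digests that match this file (case-insensitive compare)."""
    h = hashes(data)
    return [k for k, v in ioc.items() if k in h and h[k].lower() == v.lower()]


def build_pe(section_names, overlay=b"", timestamp=0, signed=False) -> bytes:
    """Construct a minimal PE32 file as a fixture for the demo; it is not real malware."""
    nsec, opt_size, e_lfanew = len(section_names), 224, 0x40
    hdr_len = e_lfanew + 4 + 20 + opt_size + 40 * nsec
    raw_start = (hdr_len + 0x1FF) & ~0x1FF            # file alignment 0x200
    body = bytearray(raw_start)
    body[0:2] = b"MZ"
    struct.pack_into("<I", body, 0x3C, e_lfanew)
    body[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    coff = e_lfanew + 4
    struct.pack_into("<HHIIIHH", body, coff, 0x14C, nsec, timestamp, 0, 0, opt_size, 0x102)
    opt = coff + 20
    struct.pack_into("<H", body, opt, 0x10B)          # PE32 magic
    struct.pack_into("<I", body, opt + 16, 0x1000)    # AddressOfEntryPoint = first section
    struct.pack_into("<I", body, opt + 92, 16)        # NumberOfRvaAndSizes
    raw = b""
    for i, name in enumerate(section_names):
        hdr = opt + opt_size + 40 * i
        body[hdr:hdr + 8] = name.encode().ljust(8, b"\0")
        struct.pack_into("<IIII", body, hdr + 8, 0x200, 0x1000 * (i + 1), 0x200, raw_start + 0x200 * i)
        stub = b"\xe8\x19\x52\x00\x00" if i == 0 else b""   # constructed entry stub, then int3 padding
        raw += stub.ljust(0x200, b"\xcc")
    if signed:  # a signed file points the security directory at its overlay
        struct.pack_into("<II", body, opt + 96 + 4 * 8, raw_start + len(raw), len(overlay))
    return bytes(body) + raw + overlay


if __name__ == "__main__":
    sample = build_pe([".text", ".rdata", "UPX1"], overlay=b"trailing bytes", timestamp=1403012469)
    print(parse_pe(sample))
    print("IOC matches:", matches_ioc(sample, IOC))   # the fixture is not the real sample
```

Run against a real file, replace the fixture with `open(path, "rb").read()`; a non-empty `matches_ioc` result on any of the cryptographic digests is a positive identification, whereas an unknown section name or an overlay alone is only a triage hint.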

Version Info:

0: [No Data] (the file carries no version resource, so CompanyName, ProductName and similar fields are absent)

Troj/Urelas-AS also known as (per-vendor detection names for the same file):

  • Bkav: W32.AIDetectMalware
  • Elastic: malicious (high confidence)
  • MicroWorld-eScan: Gen:Heur.Mint.SP.Urelas.1
  • FireEye: Generic.mg.ec007c5278d726c5
  • CAT-QuickHeal: Trojan.Beaugrit.14262
  • Malwarebytes: Generic.Malware.AI.DDS
  • VIPRE: Gen:Heur.Mint.SP.Urelas.1
  • K7AntiVirus: Trojan ( 005946341 )
  • K7GW: Trojan ( 005946341 )
  • CrowdStrike: win/malicious_confidence_100% (D)
  • BitDefenderTheta: Gen:NN.ZexaF.36738.kCX@aGY9iMpi
  • VirIT: Trojan.Win32.Generic.ECB
  • Cyren: W32/Trojan.IMS.gen!Eldorado
  • Symantec: ML.Attribute.HighConfidence
  • tehtris: Generic.Malware
  • ESET-NOD32: a variant of Win32/Urelas.U
  • APEX: Malicious
  • Cynet: Malicious (score: 100)
  • Kaspersky: Backdoor.Win32.Plite.bhtr
  • BitDefender: Gen:Heur.Mint.SP.Urelas.1
  • NANO-Antivirus: Trojan.Win32.Urelas.kbmpfg
  • SUPERAntiSpyware: Trojan.Agent/Gen-Urelas
  • Rising: Trojan.Urelas!1.BE13 (CLASSIC)
  • Emsisoft: Gen:Heur.Mint.SP.Urelas.1 (B)
  • F-Secure: Backdoor.BDS/Backdoor.Gen7
  • Zillya: Backdoor.Plite.Win32.31611
  • McAfee-GW-Edition: BehavesLike.Win32.Generic.cm
  • Trapmine: malicious.high.ml.score
  • Sophos: Troj/Urelas-AS
  • SentinelOne: Static AI – Malicious PE
  • GData: Win32.Trojan.PSE.111SHMK
  • Jiangmin: Trojan/GenericCryptor.bt
  • Avira: BDS/Backdoor.Gen7
  • MAX: malware (ai score=84)
  • Antiy-AVL: Trojan[Backdoor]/Win32.Plite
  • Kingsoft: malware.kb.a.998
  • Xcitium: TrojWare.Win32.Urelas.SH@5674sp
  • Arcabit: Trojan.Mint.SP.Urelas.1
  • ZoneAlarm: Backdoor.Win32.Plite.bhtr
  • Microsoft: Trojan:Win32/Urelas!atmnm
  • Google: Detected
  • AhnLab-V3: Backdoor/Win.Generic.R496010
  • Acronis: suspicious
  • VBA32: SScope.Backdoor.Urelas.3114
  • Cylance: unsafe
  • Panda: Trj/Genetic.gen
  • Tencent: Trojan.Win32.Urelas.16000161
  • Ikarus: Trojan.Win32.Beaugrit
  • Fortinet: W32/Urelas.U!tr
  • Cybereason: malicious.573177
  • DeepInstinct: MALICIOUS

How to remove Troj/Urelas-AS?

Troj/Urelas-AS removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and run a “Standard scan”.
  • Move all detected items to quarantine.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the browser and options, then click “Reset”.
  • Restart your computer.

Because the sample registers a scheduled task and drops a second executable, check Task Scheduler after the scan for tasks that launch an executable from a user profile or temp directory, and delete any that remain.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment